Do not log potentially sensitive data below DEBUG log level (#1192)

* Do not log potentially sensitive data below DEBUG log level

Currently EPP and BBR might log potentially sensitive data at
`DEFAULT` or `VERBOSE` log level.

Signed-off-by: Pierangelo Di Pilato <[email protected]>

* Avoid logging request body when failing to unmarshal body

Signed-off-by: Pierangelo Di Pilato <[email protected]>

---------

Signed-off-by: Pierangelo Di Pilato <[email protected]>

Author: pierDipi

pkg/bbr/handlers/server.go

@@ -83,7 +83,11 @@ func (s *Server) Process(srv extProcPb.ExternalProcessor_ProcessServer) error {
 				responses, err = s.HandleRequestHeaders(req.GetRequestHeaders())
 			}
 		case *extProcPb.ProcessingRequest_RequestBody:
-			loggerVerbose.Info("Incoming body chunk", "body", string(v.RequestBody.Body), "EoS", v.RequestBody.EndOfStream)
+			if logger.V(logutil.DEBUG).Enabled() {
+				logger.V(logutil.DEBUG).Info("Incoming body chunk", "body", string(v.RequestBody.Body), "EoS", v.RequestBody.EndOfStream)
+			} else {
+				loggerVerbose.Info("Incoming body chunk", "EoS", v.RequestBody.EndOfStream)
+			}
 			responses, err = s.processRequestBody(ctx, req.GetRequestBody(), streamedBody, logger)
 		case *extProcPb.ProcessingRequest_RequestTrailers:
 			responses, err = s.HandleRequestTrailers(req.GetRequestTrailers())
@@ -97,12 +101,20 @@ func (s *Server) Process(srv extProcPb.ExternalProcessor_ProcessServer) error {
 		}
 
 		if err != nil {
-			logger.V(logutil.DEFAULT).Error(err, "Failed to process request", "request", req)
+			if logger.V(logutil.DEBUG).Enabled() {
+				logger.V(logutil.DEBUG).Error(err, "Failed to process request", "request", req)
+			} else {
+				logger.V(logutil.DEFAULT).Error(err, "Failed to process request")
+			}
 			return status.Errorf(status.Code(err), "failed to handle request: %v", err)
 		}
 
 		for _, resp := range responses {
-			loggerVerbose.Info("Response generated", "response", resp)
+			if logger.V(logutil.DEBUG).Enabled() {
+				logger.V(logutil.DEBUG).Info("Response generated", "response", resp)
+			} else {
+				loggerVerbose.Info("Response generated")
+			}
 			if err := srv.Send(resp); err != nil {
 				logger.V(logutil.DEFAULT).Error(err, "Send failed")
 				return status.Errorf(codes.Unknown, "failed to send response back to Envoy: %v", err)

pkg/epp/handlers/server.go

@@ -208,8 +208,11 @@ func (s *StreamingServer) Process(srv extProcPb.ExternalProcessor_ProcessServer)
 				loggerTrace.Info("decoding")
 				err = json.Unmarshal(body, &reqCtx.Request.Body)
 				if err != nil {
-					logger.V(logutil.DEFAULT).Error(err, "Error unmarshaling request body")
-					err = errutil.Error{Code: errutil.BadRequest, Msg: "Error unmarshaling request body: " + string(body)}
+					if logger.V(logutil.DEBUG).Enabled() {
+						err = errutil.Error{Code: errutil.BadRequest, Msg: "Error unmarshaling request body: " + string(body)}
+					} else {
+						err = errutil.Error{Code: errutil.BadRequest, Msg: "Error unmarshaling request body"}
+					}
 					break
 				}
 
@@ -254,7 +257,11 @@ func (s *StreamingServer) Process(srv extProcPb.ExternalProcessor_ProcessServer)
 			var responseErr error
 			reqCtx, responseErr = s.HandleResponseHeaders(ctx, reqCtx, v)
 			if responseErr != nil {
-				logger.V(logutil.DEFAULT).Error(responseErr, "Failed to process response headers", "request", req)
+				if logger.V(logutil.DEBUG).Enabled() {
+					logger.V(logutil.DEBUG).Error(responseErr, "Failed to process response headers", "request", req)
+				} else {
+					logger.V(logutil.DEFAULT).Error(responseErr, "Failed to process response headers")
+				}
 			}
 			reqCtx.respHeaderResp = s.generateResponseHeaderResponse(reqCtx)
 
@@ -285,14 +292,22 @@ func (s *StreamingServer) Process(srv extProcPb.ExternalProcessor_ProcessServer)
 					var responseErr error
 					responseErr = json.Unmarshal(body, &responseBody)
 					if responseErr != nil {
-						logger.V(logutil.DEFAULT).Error(responseErr, "Error unmarshaling request body", "body", string(body))
+						if logger.V(logutil.DEBUG).Enabled() {
+							logger.V(logutil.DEBUG).Error(responseErr, "Error unmarshalling request body", "body", string(body))
+						} else {
+							logger.V(logutil.DEFAULT).Error(responseErr, "Error unmarshalling request body")
+						}
 						reqCtx.respBodyResp = generateResponseBodyResponses(body, true)
 						break
 					}
 
 					reqCtx, responseErr = s.HandleResponseBody(ctx, reqCtx, responseBody)
 					if responseErr != nil {
-						logger.V(logutil.DEFAULT).Error(responseErr, "Failed to process response body", "request", req)
+						if logger.V(logutil.DEBUG).Enabled() {
+							logger.V(logutil.DEBUG).Error(responseErr, "Failed to process response body", "request", req)
+						} else {
+							logger.V(logutil.DEFAULT).Error(responseErr, "Failed to process response body")
+						}
 					} else if reqCtx.ResponseComplete {
 						reqCtx.ResponseCompleteTimestamp = time.Now()
 						metrics.RecordRequestLatencies(ctx, reqCtx.Model, reqCtx.ResolvedTargetModel, reqCtx.RequestReceivedTimestamp, reqCtx.ResponseCompleteTimestamp)
@@ -308,7 +323,11 @@ func (s *StreamingServer) Process(srv extProcPb.ExternalProcessor_ProcessServer)
 
 		// Handle the err and fire an immediate response.
 		if err != nil {
-			logger.V(logutil.DEFAULT).Error(err, "Failed to process request", "request", req)
+			if logger.V(logutil.DEBUG).Enabled() {
+				logger.V(logutil.DEBUG).Error(err, "Failed to process request", "request", req)
+			} else {
+				logger.V(logutil.DEFAULT).Error(err, "Failed to process request")
+			}
 			resp, err := buildErrResponse(err)
 			if err != nil {
 				return err

pkg/epp/scheduling/scheduler.go

@@ -50,7 +50,7 @@ type Scheduler struct {
 
 // Schedule finds the target pod based on metrics and the requested lora adapter.
 func (s *Scheduler) Schedule(ctx context.Context, request *types.LLMRequest, candidatePods []types.Pod) (*types.SchedulingResult, error) {
-	logger := log.FromContext(ctx).WithValues("request", request)
+	logger := log.FromContext(ctx).WithValues("requestId", request.RequestId, "targetModel", request.TargetModel)
 	loggerDebug := logger.V(logutil.DEBUG)
 
 	scheduleStart := time.Now()
@@ -86,7 +86,7 @@ func (s *Scheduler) Schedule(ctx context.Context, request *types.LLMRequest, can
 	}
 
 	if len(profileRunResults) == 0 {
-		return nil, fmt.Errorf("failed to run any scheduler profile for the request - %s", request)
+		return nil, fmt.Errorf("failed to run any scheduler profile for request %s", request.RequestId)
 	}
 
 	loggerDebug.Info("Running profile handler, ProcessResults", "plugin", s.profileHandler.TypedName().Type)

test/integration/epp/hermetic_test.go

@@ -219,7 +219,7 @@ func TestFullDuplexStreamed_KubeInferenceModelRequest(t *testing.T) {
 			wantErr: false,
 			wantResponses: integrationutils.NewImmediateErrorResponse(
 				envoyTypePb.StatusCode_BadRequest,
-				"inference gateway: BadRequest - Error unmarshaling request body: no healthy upstream",
+				"inference gateway: BadRequest - Error unmarshaling request body",
 			),
 		},
 		{